Cyber Assault on Internet Archives: Significant Breach and DDoS Attack

The Internet Archives, a well-known American nonprofit digital library, has recently come under attack from a series of Distributed Denial of Service (DDoS) incidents. On October 9, 2024, this wave of assaults culminated in a significant cyber attack that compromised approximately 31 million user accounts, resulting in a distressing defacement of the website.

Users visiting the Internet Archives were met with alarming alerts on Wednesday, indicating that their accounts had been targeted in a cyber breach. These messages warned that sensitive information had been compromised and directed affected individuals to verify their account statuses on “Have I Been Pwned,” a service known for notifying users about data breaches involving their personal information.

The recent attack was notably sophisticated, utilizing a pop-up notification mechanism to inform users attempting to access the site during the aftermath of the breach. Brewster Kahle, the founder of the Internet Archives, has acknowledged the gravity of the situation and has promised further updates for the public as investigations proceed.

Initial investigations suggest that attackers gained access to a significant amount of sensitive data from the breached accounts, including email addresses, usernames, timestamps for recent password changes, and Bcrypt hashed passwords—a cryptographic technique commonly used for secure password storage. The scale of the breach raises considerable concerns regarding the security and confidentiality of user data retained by the Internet Archives.

A DDoS attack, characterized by an overwhelming amount of fraudulent internet traffic directed toward the server from a network of compromised devices or botnets, aims to disrupt regular operations and render websites inaccessible to genuine users.

This cyber incident comes shortly after the Internet Archives found itself embroiled in legal issues related to copyright. Following a contentious legal battle, the organization was compelled to withdraw over 500,000 books from its digital archive, greatly restricting its digital lending capabilities. This decision was made in response to lawsuits from several publishers challenging the Archives’ policies on copyright and ownership of historical texts. Consequently, the considerable investments made in their scanning infrastructure, termed ‘Scribe,’ now seem precarious. The National Emergency Library, established in 2020 to enhance access to digital resources during the COVID-19 pandemic, has also faced significant legal scrutiny affecting its mission to preserve and provide access to knowledge.

As the Internet Archives manages the aftereffects of this cyber breach, the implications for digital preservation and public access to information are profound. The organization’s dedication to archiving the internet and its diverse resources now confronts the dual challenges of cyber threats and legal constraints, leading to essential discussions about the future of digital libraries in a landscape increasingly fraught with conflict.

Ad

Source